Web Site Client Access Policy File Detection

This script is Copyright (C) 2014 Tenable Network Security, Inc.
Synopsis :

The remote web server contains a 'clientaccesspolicy.xml' file.

Description :

The remote web server contains a client access policy file. This is a
simple XML file used by Microsoft Silverlight to allow access to
services that reside outside the exact web domain from which a
Silverlight control originated.

See also :

http://www.nessus.org/u?85a62f76

Solution :

Review the contents of the policy file carefully. Improper policies,
especially an unrestricted one with just '*', could allow for
cross-site request forgery or other attacks against the web server.
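As an added example (not part of the Tenable plugin), the following script audits a clientaccesspolicy.xml for the over-permissive entries the solution above describes: a '*' domain, a '*' header allowance, and a grant covering the whole site. The sample policy embedded in it is constructed, not taken from any real server.

```python
"""Audit a Silverlight clientaccesspolicy.xml for over-permissive grants."""
import xml.etree.ElementTree as ET

# Constructed sample (not from the page): the unrestricted '*' policy the
# advisory warns about. It lets any origin send any header to any path.
UNRESTRICTED_POLICY = """<?xml version="1.0" encoding="utf-8"?>
<access-policy>
  <cross-domain-access>
    <policy>
      <allow-from http-request-headers="*">
        <domain uri="*"/>
      </allow-from>
      <grant-to>
        <resource path="/" include-subpaths="true"/>
      </grant-to>
    </policy>
  </cross-domain-access>
</access-policy>
"""


def audit_policy(xml_text: str) -> list[str]:
    """Return findings for each over-permissive entry; [] means nothing flagged."""
    findings = []
    root = ET.fromstring(xml_text)
    for policy in root.iter("policy"):
        for allow in policy.findall("allow-from"):
            # A '*' header allowance lets the control send arbitrary headers
            # cross-origin, which defeats header-based CSRF defences.
            if allow.get("http-request-headers", "") == "*":
                findings.append("allow-from permits arbitrary request headers (*)")
            for dom in allow.findall("domain"):
                uri = dom.get("uri", "")
                # '*' alone, or a scheme followed by a wildcard host, means any origin.
                if uri == "*" or uri.startswith(("http://*", "https://*")):
                    findings.append(f"domain uri={uri!r} allows any origin")
                elif uri.startswith("http://"):
                    findings.append(f"domain uri={uri!r} trusts a plaintext origin")
        for res in policy.iter("resource"):
            # Root path with subpaths exposes every resource on the server.
            subpaths = res.get("include-subpaths", "false").lower() == "true"
            if res.get("path") == "/" and subpaths:
                findings.append("grant-to exposes the whole site (path='/' with subpaths)")
    return findings


if __name__ == "__main__":
    for finding in audit_policy(UNRESTRICTED_POLICY):
        print("FINDING:", finding)
```

A policy scoped to a single HTTPS origin, a named header and a specific path returns an empty list; anything flagged is worth tightening before the file is served.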

Risk factor :

None

Family: CGI abuses

Nessus Plugin ID: 72427